This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references.
GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/tidwall/gjson | lt | 1.9.3 |
github.com/advisories/GHSA-c9gm-7rfj-8w5h
github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
github.com/tidwall/gjson/issues/236
github.com/tidwall/gjson/issues/237
nvd.nist.gov/vuln/detail/CVE-2021-42248
pkg.go.dev/vuln/GO-2021-0265